subdomain takeover (stealing websites)

Is your code secure? Use this FREE tool (CodeSec) to find out: bit.ly/3tcPUQx
TOOLS USED IN THIS VIDEO
---------------------------------------------------
- AMASS: github.com/OWASP/Amass (find subdomains)
-TakeOver: github.com/m4ll0k/takeover (subdomain takeover vulnerability scanner)
-Dig (apt install dig)
🔥🔥Join Hackwell Academy!: ntck.co/NCAcademy
0:00 ⏩ Intro
0:18 ⏩ How subdomain takeover works
1:59 ⏩ Why Subdomain takeovers are dangerous
2:33 ⏩ Make sure your code is secure using codesec!
4:06 ⏩ find our targets subdomains using Amass
5:06 ⏩ The username is not available
5:57 ⏩ IT actually worked!!
6:17 ⏩ Once you’re in github…
6:58 ⏩ The same thing can happen with Azure
7:45 ⏩ so how do you protect your website

Thanks for your video. I learns a lot and useful to my job.

Super video Chuck Your videos are awesome And informative 👍🏿

Thanks for this vid! I have been looking into domain take over a bit recently and this really clears it up for me.

Love your content.....keep doing great things!

I love your content so much chuck

Thanks for the video Chuck! It will definitely all the website developers!

you are doing such a fabulous job 😜

This goes even deeper... you own a DNS name and then abandon it after several years... (perhaps an unforeseen event or your start-up fails)... Some 3rd party eventually purchased my old domain and used the way back machine to re-create the website... WARNING... think hard before abandoning a domain name!

Keep going men I love your content it's very helpful thank you ♥️

I don't get it, if the website is deployed from github, why would you ever delete your github account? You would have probably switched to another repo or just uploaded the files directly to your server before you delete your account while your website is still dependent on it. I also don't understand why this is only a vulnerability with subdomains.

For my company, our security requires any external facing sub domains can only be on 443, no 80 or re-directs like this shown. The owner has the attest to it and put new certs every 90 days and we monitor all external facing URL's. This is a serious open window that a lot of corporations do not even bother to worry about. But I'm glad I work with and lead one of the best IT security teams in my industry where we are constantly 5 steps further then what is required for our various regulations (PCI/ISO/SEC/FRB/etc...)

loved your all content sir

i feel like this video was inspired by the "Avoiding DNS Pain" NDC talk that was uploaded 3 weeks ago.
they cover this exact problem and also one solution (basically DNS as code like infrastructure as code).

Love your videos ❤

I'm loving this!!

Remember kids ...
it's always DNS, always.

Great video as always. I notice that you display the ANM27T! I just got some too!

Very very interesting video, sir puted in a very cool and funny way :)
You got a sub from me!

Great video, please coninue making these kinds of videos

Hey bro, love your content a lot

LESGOOO FIRST COMMENT! keep the vids coming love your content

This happens all the time even for large companies including microsoft, amazon, walmart, etc that people use subdomains to send spam mail from the main domain from the actual company making hard to block spam mail because you can't just block the email address or the domain because you might actually want email from the actual company. Most email services don't allow blocking subdomains only email addresses themselves or primary domains. So people just make infinite amounts of sub domains for the primaries of an actual companies domains making it hard to block spam. At times it almost feels like the spammer have hacked the mail servers themselves and using it to spam and it's even funner when they are able to send spam mail out with no email address at all because the servers don't check to see is the account sending actually exist or even cares if the send mail is blank. It's even more fun when some emails services have auto avatar and names loading that get associated with the spammers email making it even look more like a real email. It's kind of hard for me to explain this lol.

This man got me all the time 🔥💥

I love this guy, I've learned a lot from you sir

Nice new studio 🤩

Mr Beast Game sweatshirt 😂😂😂
btw. i love your videos!

Nice video, just a question. If you have control of the main domain and delete the entry for the subdomain that was took over, that would be the end off correct? Or is there a way to take full control of asub domain regardless of the main domain DNS records?

Thank you sir for another great video, been getting much great lesson from your channel 👍

Amazing video. Also can we get a kali Linux intro series

Now I know the difference between real voice chuck and content creator chuck. BTW luv the videos !

Just curious what is your input in the targets.txt file ?

The worst part of this...as an end user, there is really no way of knowing if this happened.
You can get an SSL certificate for the redirected subdomain, which means HTTPS will work fine.

Wow superb Boss 👍👍

Another video by chuck
Thank Goodness

Now this is something of my interest

Thank you for this very informative video, so could you please do a video on the best method to secure DNS and a site? Thanks.

There are actually some commercial vendors that do monitor for this kind of stuff (RiskIQ being one), it's not cheap, but it does do a decent job of detecting this.

I saw something recently call no-code programming. Can you give your perspective on it?

So cool content and so less likes. Shame in you guys. Thanks for this.

@networkchuck can you please make a video of your tools and gadgets?! We need to know. Like a tour of your desk :p

Your new studio is nice .... but I like the previous one more😂😅

Is there a free hacking software for Windows? Like the one you use in Linux but then for Windows?

NetworkChuck: You'res could be next Me who dosent have money for domain: yes.

Always remember kids - "It's only for educational purposes"

You are better than any AI !

There is somebody exploiting your number 2 before you had a chance to film. Proof positive that somebody is always trying to mess with your sh*t.

…that was quick. I am glad I grabbed my small coffee mug.

Man I love you so much

I didnt know about this, looks scary.

Wow! So Cool! 😂👍👍👍

Great vid. subfinder, sublist3r, findomain, assetfinder, subjack and subzy can be used for that purpose too. :)

that's a great video, thanq

* Insert gif of Captain Holt saying “Bingpot!” here *

This is terrifying.

Please make videos on (Bug Bounty) techniques..........

Your Content was good

Love your videos. Always awesome.
Something I have always been curious about. What do you use to draw on your desktop?

CodeSec!! 🎉

Best prevention is to not have a website

This is as powerful as giving Blue tick for 8$ and achieve any identification and status with a unethical or biased thoughts

That's something big companies wouldn't do. Nice video, but no big company would do this.

MrBeast Gaming Hoodie. Like a KING

super cool video. Can i get the name of the backgroud music? Please?

What about a subdomain takeover with Fastly?

Nice hairstyle bro!

ANM27T, you've done an amazing job. How are you going to make all of these films and write all of the text in such a short amoun

make a course on ceh practical

what happens if I go to a suspicious link and it crosses out and clears the log, can the page still retrieve data?

Nice, very nice.

I hold ANM27T. Very promising project, and its ecosystem maintains complete anonymity

On ANM27T go long when the sell pressure reduce.

4:15 is all of us before we found you

What's better holding into crash or being safe with ANM27T tell me

Did mr. Beast sponsor this video btw i love your video

How to run tool in kalilinux from any path ?

I have a question.
Is this DNS rebinding?

Will you make any research videos about ANM27T

Gosh darn dangling pointers.

Yes but if you use A record instead of CNAME aren't you more safe?

Make a video that you are pen testing your own website, find vulnerability and prevent it (if u find). Just to see a real and live hacking on your own🔥

How do you put your vem fullscreen help I need help

Same thing I did to take over Facebook account in old days. when an email IDs gets deleted because u didn't logged in for 6 month 😆

Whats the name of the software with e green W

How to get the takeover tool. I didn't find in github

New week up as many FOMO in. But the ANM27T story isn’t over yet. The only strat that works under all circumstances is DCA all the time with solid, large companies (not hyped ones).

NC family 💖💖🥳

Awww chuck loves mr beast merch 😌😌😌😌❤️

TakeOver Script is not available on this user where can i find this exact script?

don't have one, jokes on them 😅.

Bro, i bought ANM27T in September after your video. i'm up 79%.

Sorry I don't understand the part that you created file called fun html.

all of this because github can't fkkking clear the dns setting when the account is deleted

takeover moved or was deleted

If a hacker hacks my website, I’d let them have it :) I don’t have a website. They were pranked!

Me watching Network Chuck has Beast Gaming Hoodie 😂

is it possible to takeover the maindomain from a subdomain ?
Greets

I don't know how that works precisely, but wouldn't they have to have valid SSL certificates? They could likely get one easy enough, but even for my small domain I get warnings of certificates are issued, so I'd notice if an certificate is issued without it being from me or my services.
EDIT: Yup, going by you completing a DNS Challenge you had to get a certificate so that'd protect me.
Also I don't point any of my subdomains to some route out of my control, so even not looking for certificates I should be fine as long as that's the case. And even if I do that, these will be the only kind of subdomains attack able with that exploit.

Sir please make a one video on betting site hacking 🥺

Everyone waited for Amazon to create ANM27T and the time is ready